package com.jyuxuan.recruitment.config;

import java.util.ArrayList;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;

import com.jyuxuan.recruitment.config.shiro.AdminRealm;
import com.jyuxuan.recruitment.config.shiro.EnterpriseRealm;
import com.jyuxuan.recruitment.config.shiro.RoleModularRealmAuthenticator;
import org.apache.shiro.authc.pam.AtLeastOneSuccessfulStrategy;
import org.apache.shiro.authc.pam.ModularRealmAuthenticator;
import org.apache.shiro.realm.Realm;
import org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;

import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;


/**
 * Shiro的配置类
 */
@Configuration
public class ShiroConfig {

    /**
     * 创建ShiroFilterFactoryBean
     *
     * @param securityManager
     * @return
     */
    @Bean
    public ShiroFilterFactoryBean shiroFilterFactoryBean(
            @Qualifier("securityManager")DefaultWebSecurityManager securityManager){
        ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
        /**
         *
         *       添加Shiro内置过滤器
         *       Shiro内置过滤器，可以实现权限相关的拦截器
         *       常用的过滤器：
         *       anon: 无需认证（登录）可以访问
         *       authc: 必须认证才可以访问
         *       user: 如果使用rememberMe的功能可以直接访问
         *       perms： 该资源必须得到资源权限才可以访问
         *       role: 该资源必须得到角色权限才可以访问
         */

        Map<String, String> filterMap = new LinkedHashMap<String, String>();

        // 授权过滤器
        // 注意：当前授权拦截后，shiro会自动跳转到未授权页面
        filterMap.put("/**", "anon");
        // 放行login.html页面
//        filterMap.put("login.html", "anon"); // 要将登陆的接口放出来，不然没权限访问登陆的接口


        shiroFilterFactoryBean.setLoginUrl("login.html"); // 修改调整的登录页面
        shiroFilterFactoryBean.setUnauthorizedUrl("403.html"); // 设置未授权提示页面
        shiroFilterFactoryBean.setFilterChainDefinitionMap(filterMap);

        shiroFilterFactoryBean.setSecurityManager(securityManager);

        return shiroFilterFactoryBean;
    }

    //配置下SecurityManager
    @Bean
    public DefaultWebSecurityManager securityManager(){
        DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
        //设置校验器
        securityManager.setAuthenticator(roleModularRealmAuthenticator());
        List<Realm> realms=new ArrayList<>();
        realms.add(getAdminRealm());
        realms.add(getEnterpriseRealm());
        //设置Realm
        securityManager.setRealms(realms);
        return securityManager;
    }


    /**
     * 系统自带的Realm管理，主要针对多realm
     */
    @Bean
    public ModularRealmAuthenticator modularRealmAuthenticator() {
//        ModularRealmAuthenticator modularRealmAuthenticator = new ModularRealmAuthenticator();
        RoleModularRealmAuthenticator modularRealmAuthenticator = new RoleModularRealmAuthenticator();
        modularRealmAuthenticator.setAuthenticationStrategy(new AtLeastOneSuccessfulStrategy());
        return modularRealmAuthenticator;
    }

    /**
     * 创建 EnterpriseRealm
     *
     * @return
     */
    @Bean
    public EnterpriseRealm getEnterpriseRealm() {
        return new EnterpriseRealm();
    }

    /**
     * 创建 AdminRealm
     *
     * @return
     */
    @Bean
    public AdminRealm getAdminRealm() {
        return new AdminRealm();
    }


    @Bean
    public RoleModularRealmAuthenticator roleModularRealmAuthenticator(){
        RoleModularRealmAuthenticator roleModularRealmAuthenticator = new RoleModularRealmAuthenticator();
        return roleModularRealmAuthenticator;
    }

}